github linuxserver/docker-bookstack v22.02.3-ls6

2 years ago

LinuxServer Changes:

Add symlinks for theme support.

bookstack Changes:

Security Release

This is a security release that adds better protections against embedded content that could be used in malicious ways. This effectively restricts embedded iframe content in an allow-list approach.

A new ALLOWED_IFRAME_SOURCES option has been added to provide configuration of allowed embed/iframe sources within BookStack pages, and this defaults to a couple of popular services such as YouTube and Vimeo.

Please see this link for more detail regarding this option:

It's advised to upgrade as soon as possible if untrusted users can create or update pages within your BookStack instance.

Thanks to @416e6e61 (Anna) for discovering and reporting this vulnerability via huntr.dev.

Full List of Changes

  • Added iframe allow-list control to prevent a range of malicious uses of untrusted iframe sources. (#3314)
  • Updated translations with latest Crowdin changes. (#3312)

Don't miss a new docker-bookstack release

NewReleases is sending notifications on new releases.